Vulnerability Details: CVE-2021-4376
The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
Products affected by CVE-2021-4376
- cpe:2.3:a:palscode:woocommerce_multi_currency:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-4376
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~38% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-4376
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | Wordfence | |
CWE ids for CVE-2021-4376
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@wordfence.com (Secondary)
References for CVE-2021-4376
- https://wordpress.org/plugins/woo-multi-currency/#developers
  CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 7.x – WordPress plugin | WordPress.org (Product)
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=
  Changeset 2734576 for woo-multi-currency – WordPress Plugin Repository (Patch)
- https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61
  (Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve
  WooCommerce Multi Currency <= 2.1.17 - Missing Authorization (Third Party Advisory)